Posted August 06, 2016

For example, when there is a security flaw that hasn't been patched, sometimes there is a way to mitigate or eliminate the danger. For example, when Heartbleed was a threat, the risk could be eliminated by recompiling OpenSSL without TLS heartbeat support (which happens to be easy for the end user to do on Gentoo GNU/Linux, but not so easy on other distributions).
Another example: I mentioned hardware. Well, sure enough, there are plenty of errata issued for modern CPUs; quite often, a kernel will need to add extra code to work around such issues. One famous example was the Pentium FDIV flaw; certain division operations would give incorrect results.
Although a company acknowledging that a problem exists isn't the same as supporting it. Wasn't there a recent cease & desist sent out for a large game (Dark Souls 2 maybe?) where a workaround was censored out by the devs?